If the salt hasn't been compromised, then the passwords should be safe, no?
It's not entirely clear if the attacker got access to the Mt.Gox source code, but at the moment it's probably safer to assume the salt was compromised as well.
There is no >the salt< in this case; it's 59231 password hashes with 59219 >different< salts, and ~1700 simple md5 hashes.
Well, look at what some of the users have in their rigs, and there are programs like Extreme GPU Bruteforcer out there that can do up to 700 million passwords a sec on a GeForce 250, and with what people here have in their rigs it would not take long at all.
We're talking about md5crypt a.k.a. MD5(Unix) a.k.a. FreeBSD MD5 ... not simple md5()!
With a decent GPU you'll be lucky to get ~1.5Mhash/s per GPU, not 700M. On a single HD4870 I'll get ~640.0k/s, that's nothing.
Anything else than a wordlist attack is pretty useless on these hashes, so if you have an at least decent 8char pass, you should be fine.
If you're one of the poor guys whose pass was encrypted with simple md5()... well, good luck then. But the rest shouldn't worry too much.
However, everyone still should change his password when they are back online.
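Added example, not part of the thread or of any Mt.Gox code: a from-scratch md5crypt (`$1$`) in Python that counts MD5 invocations, to show why one md5crypt guess costs far more than one plain md5() and why a per-account salt means each guess has to be recomputed per account. The password and salts in the demo are constructed sample values.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
md5_calls = 0  # counts MD5 invocations so the per-guess cost is visible

def _md5(data: bytes) -> bytes:
    global md5_calls
    md5_calls += 1
    return hashlib.md5(data).digest()

def _to64(value: int, length: int) -> str:
    # crypt(3) base64 variant: least-significant 6 bits first
    return "".join(ITOA64[(value >> 6 * k) & 0x3F] for k in range(length))

def md5crypt(password: bytes, salt: bytes) -> str:
    """md5crypt ($1$), a.k.a. MD5(Unix) / FreeBSD MD5; salt is at most 8 bytes."""
    salt = salt[:8]
    alt = _md5(password + salt + password)
    ctx = password + b"$1$" + salt
    for remaining in range(len(password), 0, -16):
        ctx += alt[:min(16, remaining)]
    n = len(password)
    while n:                      # historical quirk of the original algorithm
        ctx += b"\x00" if n & 1 else password[:1]
        n >>= 1
    digest = _md5(ctx)
    for i in range(1000):         # stretching loop: 1000 chained MD5 calls
        block = password if i & 1 else digest
        if i % 3:
            block += salt
        if i % 7:
            block += password
        block += digest if i & 1 else password
        digest = _md5(block)
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    encoded = "".join(_to64(digest[a] << 16 | digest[b] << 8 | digest[c], 4)
                      for a, b, c in order) + _to64(digest[11], 2)
    return "$1$" + salt.decode() + "$" + encoded

def md5_calls_per_guess(password: bytes, salt: bytes) -> int:
    """MD5 invocations needed to test one candidate against one salted hash."""
    global md5_calls
    md5_calls = 0
    md5crypt(password, salt)
    return md5_calls

if __name__ == "__main__":
    for salt in (b"abcdefgh", b"ijklmnop"):   # constructed salts and password
        print(md5crypt(b"hunter2", salt))     # same password, different hashes
    print("MD5 calls per guess:", md5_calls_per_guess(b"hunter2", b"abcdefgh"))
```

A plain md5() hash is one MD5 call with no salt, so a single computed guess can be compared against every unsalted entry at once.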
Except that an account with 500k and other accounts were hacked and it's true. So your opinion that it's all ok is bs.